This short post walks through the steps required to automate Ghidra installation. This is useful when setting up Ghidra on multiple minimal Linux/Ubuntu installations for quick malware analysis.
The completed scripts can also be found on my GitHub:
https://github.com/LambdaMamba/AutomationScripts/blob/main/Ghidra
Table of contents
- Commands for Ghidra installation
- Automating Ghidra installation using a script
- A fancier script to first check the downloaded Ghidra hash
Commands for Ghidra installation
In this section, I'll be walking through the commands used to install Ghidra.
Most of these commands will require root privileges, so we'll log into the root account using,
sudo su
First of all, we need to add the OpenJDK repo, as Ghidra uses OpenJDK.
add-apt-repository ppa:openjdk-r/ppa
Next we'll need to update the package lists using
apt-get update
Next, we'll need to install unzip, as we'll be downloading a Ghidra zip file from GitHub later. The -y option is added so it will select y when y/n is prompted. This will make the automation smoother, as it will not require user input.
apt-get install -y unzip
Next, we'll be installing JDK 11 through the package manager, as Ghidra will require JDK 11.
apt-get install -y openjdk-11-jdk
Next, we'll be downloading the Ghidra 10.1.5 ZIP file from NationalSecurityAgency's Ghidra repo,
wget https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.5_build/ghidra_10.1.5_PUBLIC_20220726.zip
Next, we will check the sha256 hash of the ghidra_10.1.5_PUBLIC_20220726.zip file.
sha256sum ghidra_10.1.5_PUBLIC_20220726.zip
The sha256 hash should be 17db4ba7d411d11b00d1638f163ab5d61ef38712cd68e462eb8c855ec5cfb5ed. The hashes can be found in NationalSecurityAgency's Ghidra repo.
Next, we'll be unzipping the Ghidra ZIP file.
unzip ghidra_10.1.5_PUBLIC_20220726.zip
Go to the unzipped Ghidra directory
cd ghidra_10.1.5_PUBLIC
Then Ghidra can be run using
./ghidraRun
Automating Ghidra installation using a script
To automate the Ghidra installation process, we'll be using a shell script with all the commands in the previous section.
Make a new .sh file using,
nano auto_ghidra.sh
Paste the contents below into the auto_ghidra.sh file,
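#!/bin/bash
# Add the OpenJDK PPA; -y skips the confirmation prompt so the script runs unattended
add-apt-repository -y ppa:openjdk-r/ppa
apt-get update
# Install unzip and JDK 11 without prompting
apt-get install -y unzip
apt-get install -y openjdk-11-jdk
# Download, unpack and launch Ghidra 10.1.5
wget https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.5_build/ghidra_10.1.5_PUBLIC_20220726.zip
unzip ghidra_10.1.5_PUBLIC_20220726.zip
cd ghidra_10.1.5_PUBLIC || exit 1
./ghidraRun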
Add the execution permissions to the script,
chmod +x auto_ghidra.sh
Finally, execute the script using,
./auto_ghidra.sh
Now Ghidra will run!
The full script can be found here as well:
https://github.com/LambdaMamba/AutomationScripts/blob/main/Ghidra/auto_ghidra.sh
A fancier script to first check the downloaded Ghidra hash
The script in the previous section will completely automate the installation and will not prompt the user to double check the Ghidra ZIP file hash. If we want to double check the ZIP file hash before unzipping and running Ghidra, we will use sha256sum on ghidra_10.1.5_PUBLIC_20220726.zip, output the result, and ask the user before moving on.
If the user confirms that the hash is correct, the script will unzip and run Ghidra. If not, it will delete the ghidra_10.1.5_PUBLIC_20220726.zip file and quit.
#!/bin/bash
# Add the OpenJDK PPA; -y skips the confirmation prompt so the script runs unattended
add-apt-repository -y ppa:openjdk-r/ppa
apt-get update
apt-get install -y unzip
apt-get install -y openjdk-11-jdk
wget https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.5_build/ghidra_10.1.5_PUBLIC_20220726.zip
# Compute the SHA-256 of the download and show it to the user
hash=$(sha256sum ghidra_10.1.5_PUBLIC_20220726.zip)
echo "The sha256 hash is $hash"
read -r -p 'Is this the correct hash for ghidra_10.1.5_PUBLIC_20220726.zip ? Yes (1) or No (0):' x
# Quote $x so an empty answer does not break the test
if [ "$x" = 1 ]
then
    echo 'Correct hash, continuing to unzip and will run Ghidra'
    unzip ghidra_10.1.5_PUBLIC_20220726.zip
    cd ghidra_10.1.5_PUBLIC || exit 1
    ./ghidraRun
elif [ "$x" = 0 ]
then
    echo 'Wrong hash, quitting and deleting file'
    rm ghidra_10.1.5_PUBLIC_20220726.zip
fi
The sha256 hash should be 17db4ba7d411d11b00d1638f163ab5d61ef38712cd68e462eb8c855ec5cfb5ed, which can be found in NationalSecurityAgency's Ghidra repo.
The full script can be found here as well:
https://github.com/LambdaMamba/AutomationScripts/blob/main/Ghidra/auto_ghidra_hash.sh
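The Yes/No prompt relies on a person comparing 64 hex characters by eye; the script can instead compare the computed digest against the expected value stated in this post and refuse to unzip on a mismatch. The following is an added example, not part of the original scripts: verify_sha256, unpack_if_verified and the --run argument are hypothetical names, and it assumes the ZIP has already been downloaded into the current directory.

```shell
#!/bin/bash
# Added example (not from the original scripts).
# File name and expected SHA-256 are the values given in this post.
GHIDRA_ZIP='ghidra_10.1.5_PUBLIC_20220726.zip'
GHIDRA_SHA256='17db4ba7d411d11b00d1638f163ab5d61ef38712cd68e462eb8c855ec5cfb5ed'

# verify_sha256 FILE EXPECTED_HEX   (hypothetical helper)
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED_HEX is not a
# 64-digit hex string, 3 if FILE cannot be read.
verify_sha256() {
    local file expected actual
    file=$1
    # Accept upper- or lower-case hex in the expected value
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$file" ] || return 3
    # sha256sum prints "<digest>  <name>"; keep only the digest
    actual=$(sha256sum -- "$file" | cut -d' ' -f1) || return 3
    [ "$actual" = "$expected" ]
}

# unpack_if_verified ZIP EXPECTED_HEX   (hypothetical helper)
# Unzips only after the digest matches; otherwise deletes the download,
# mirroring the "No (0)" branch of the interactive script.
unpack_if_verified() {
    if verify_sha256 "$1" "$2"; then
        echo "SHA-256 verified for $1"
        unzip -q "$1"
    else
        echo "SHA-256 check failed for $1, deleting it" >&2
        rm -f -- "$1"
        return 1
    fi
}

# Only act when called with --run (hypothetical argument), so the
# functions can also be sourced into another script.
if [ "${1:-}" = "--run" ]; then
    unpack_if_verified "$GHIDRA_ZIP" "$GHIDRA_SHA256" || exit 1
    cd ghidra_10.1.5_PUBLIC || exit 1
    ./ghidraRun
fi
```

When a different Ghidra release is downloaded, both GHIDRA_ZIP and GHIDRA_SHA256 must be updated from the release notes in NationalSecurityAgency's Ghidra repo.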
Thanks for reading! Have fun doing malware analysis with Ghidra on Linux!